From 794e1dac77f2c954310c5c33c9cec12673fb06d4 Mon Sep 17 00:00:00 2001 From: Matthias Frei Date: Fri, 6 Oct 2023 11:36:58 +0200 Subject: [PATCH] fixes WIP --- doc/manuals/common.rst | 22 +++++++++++++++++ doc/manuals/control.rst | 29 +++------------------- doc/manuals/router.rst | 34 +++++++++++++++++++++----- doc/protocols/authenticator-option.rst | 2 +- 4 files changed, 54 insertions(+), 33 deletions(-) diff --git a/doc/manuals/common.rst b/doc/manuals/common.rst index eedf781e27..863c58b15b 100644 --- a/doc/manuals/common.rst +++ b/doc/manuals/common.rst @@ -345,6 +345,28 @@ of the individual fields below. .. option:: addr = , required See ``control_service.addr``, above. + +.. _common-conf-duration: + +Duration Format +=============== + +Where duration values are loaded from configuration options, the following format is expected: + +.. code-block:: + + [\-0-9]+(y|w|d|h|m|s|ms|us|µs|ns) + +The unit suffixes have their usual meaning of ``y`` year, ``w`` week, ``d`` day, ``h`` hour, +``m`` minute, ``s`` second, ``ms`` millisecond, ``us`` or ``µs`` microsecond, and ``ns`` nanosecond. + +Mixed unit durations are not supported (e.g. ``1h10m10s`` is not supported). +The long duration units are simple factors, not calendar offsets: + +- ``d`` is always 24 hours +- ``w`` is always 7 days +- ``y`` is always 365 days + .. _common-http-api: HTTP API diff --git a/doc/manuals/control.rst b/doc/manuals/control.rst index 0bcbe80173..8b49295bc0 100644 --- a/doc/manuals/control.rst +++ b/doc/manuals/control.rst @@ -76,7 +76,7 @@ Environment variables This can only work correctly if the same value is set for all connected control services in the test network. - The format is a :ref:`duration ` with unit suffix (e.g. ``10s``). + Format: ref:`duration ` Configuration ============= 
@@ -264,7 +264,7 @@ considers the following options. .. option:: ca.service.lifetime = (Default: "10m") - Validity period (a :ref:`duration `) of JWT authorization tokens + Validity period (a :ref:`duration `) of JWT authorization tokens for the CA service. .. option:: ca.service.client_id = (Default: general.id) @@ -315,7 +315,7 @@ considers the following options. Expiration of cached entries in nanoseconds. - **TODO:** this should be changed to accept values in :ref:`duration format `. + **TODO:** this should be changed to accept values in :ref:`duration format `. .. object:: drkey @@ -775,29 +775,6 @@ There is one top-level entry for each type of metadata, all of which are optiona A free form string to communicate interesting/important information to other network operators. - -.. _control-conf-duration: - -Duration Format ---------------- - -Where duration values are loaded from configuration options, the following format is expected: - -.. code-block:: - - [\-0-9]+(y|w|d|h|m|s|ms|us|µs|ns) - -The unit suffixes have their usual meaning of ``y`` year, ``w`` week, ``d`` day, ``h`` hour, -``m`` minute, ``s`` second, ``ms`` millisecond, ``us`` or ``µs`` microsecond, and ``ns`` nanosecond. - -Mixed unit durations are not supported (e.g. ``1h10m10s`` is not supported). -The long duration units are simple factors, not calendar offsets: - -- ``d`` is always 24 hours -- ``w`` is always 7 days -- ``y`` is always 365 days - - Port table ========== diff --git a/doc/manuals/router.rst b/doc/manuals/router.rst index 6427ab6165..ec9e6ca126 100644 --- a/doc/manuals/router.rst +++ b/doc/manuals/router.rst @@ -58,6 +58,8 @@ Environment Variables Disable :term:`BFD`, unconditionally consider the connection alive. + Format: bool + Applies to BFD sessions to all sibling routers (other routers in the same AS). Can be overridden for specific inter-AS BFD sessions with :option:`bfd.disable ` in an interface entry in the ``topology.json`` configuration. 
@@ -66,7 +68,13 @@ Environment Variables Set the :term:`BFD` detection time multiplier. - Default 3 + + TODO Format this nicely, and make it consistent (also with control.rst, other?). + + + Format: unsigned integer + + Default: 3 Same applicability as above; can be overridden for specific inter-AS BFD sessions with :option:`bfd.detect_mult `. @@ -75,7 +83,10 @@ Environment Variables Defines the frequence at which this router should send :term:`BFD` control messages. - Default 200ms + Format: + ref:`duration ` + Default: + 200ms Same applicability as above; can be overridden for specific inter-AS BFD sessions with :option:`bfd.desired_min_tx_interval `. @@ -88,14 +99,25 @@ Environment Variables Same applicability as above; can be overridden for specific inter-AS BFD sessions with :option:`bfd.required_min_rx_interval `. -.. envvar:: SCION_TESTING_DRKEY_EPOCH_DURATION - Defines the global DRKey :ref:`Epoch` duration that the border router - assumes. +.. object:: SCION_TESTING_DRKEY_EPOCH_DURATION + + For **testing only**. + This option relates to :ref:`DRKey-based authentication of SCMPs ` in the + router, which is **experimental** and currently **incomplete**. + + Override the global duration for :doc:`/cryptography/drkey` epochs. .. envvar:: SCION_TESTING_ACCEPTANCE_WINDOW - Defines the acceptance window following the :ref:`SPAO specification`. + For **testing only**. + This option relates to :ref:`DRKey-based authentication of SCMPs ` in the + router, which is **experimental** and currently **incomplete**. + + Default 5m + + Defines the length of the window around the current time for which SCMP authentication timestamps + are accepted. See :ref:`SPAO specification `. Configuration ============= diff --git a/doc/protocols/authenticator-option.rst b/doc/protocols/authenticator-option.rst index 0770696036..a8ecca2efd 100644 --- a/doc/protocols/authenticator-option.rst +++ b/doc/protocols/authenticator-option.rst 
@@ -60,7 +60,7 @@ Timestamp / Sequence Number: (See :ref:`Appendix` for a more detailed explanation about the field interpretation). The timestamp MAY be used to compute the absolute time (*AbsTime*) value, which corresponds to the time when the packet was sent. - The section :ref:`Absolute time derivation` describes the derivation of *AbsTime* and + The section :ref:`Absolute time derivation` describes the derivation of *AbsTime* and the associated DRKey. The receiver SHOULD drop packets with *AbsTime* outside of a locally chosen
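Review bot: in doc/manuals/common.rst, the pattern in the new Duration Format section, "[\-0-9]+(y|w|d|h|m|s|ms|us|µs|ns)", puts the minus sign inside the character class, so as written it also describes strings such as "1-2h" or "--s". If only an optional leading sign is meant, write it as "-?[0-9]+(...)". The text should also say whether negative durations are accepted at all, because options such as ca.service.lifetime (a token validity period) point to this format.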
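Review bot: in doc/manuals/control.rst, the replacement line in the environment variable hunk (-76,7), "Format: ref:`duration `", is missing the leading colon of the role, so it will not produce a cross-reference. It should start with ":ref:" like the duration references in the ca.service.lifetime and cache expiration hunks of the same file. The removed line also carried an example value (``10s``); consider keeping it next to the format link.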
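Review bot: in doc/manuals/router.rst, the hunk for the BFD detection time multiplier (-66,7) adds "TODO Format this nicely, and make it consistent (also with control.rst, other?)." as body text of the entry, so it will appear in the published manual. Resolve it before this leaves WIP, or move it into an RST comment so that it stays out of the rendered page.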
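Review bot: in doc/manuals/router.rst, the BFD control message interval hunk (-75,7) has the same missing role colon, "ref:`duration `", which needs to be ":ref:" to link to the duration format. It also puts "Format:" and "Default:" on their own lines with the value on the following line, while the entry just above uses "Format: unsigned integer" and "Default: 3" on one line each; pick one layout for all entries. Since this entry is being touched anyway, "frequence" in its first sentence can be corrected to "frequency".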
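Review bot: in doc/manuals/router.rst (hunk -88,14), SCION_TESTING_DRKEY_EPOCH_DURATION changes from ".. envvar::" to ".. object::" while SCION_TESTING_ACCEPTANCE_WINDOW directly below stays ".. envvar::". If that is not intentional, keep envvar so that the variable is documented the same way as the others in this section. The new epoch duration text gives no Format or Default, and "Default 5m" for the acceptance window lacks the colon used in the earlier entries and has no Format line. The description should also state whether 5m is the full width of the window around the current time or the allowance on each side, since that determines how old an SCMP authentication timestamp is still accepted.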